diff options
Diffstat (limited to 'actionview')
| -rw-r--r-- | actionview/CHANGELOG.md | 6 | ||||
| -rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper.rb | 10 | ||||
| -rw-r--r-- | actionview/lib/action_view/helpers/text_helper.rb | 2 | ||||
| -rw-r--r-- | actionview/lib/action_view/rendering.rb | 6 | ||||
| -rw-r--r-- | actionview/lib/action_view/template.rb | 2 | ||||
| -rw-r--r-- | actionview/test/abstract_unit.rb | 18 | ||||
| -rw-r--r-- | actionview/test/fixtures/test/render_file_instance_variable.erb | 1 | ||||
| -rw-r--r-- | actionview/test/template/compiled_templates_test.rb | 4 | ||||
| -rw-r--r-- | actionview/test/template/output_safety_helper_test.rb | 5 |
9 files changed, 36 insertions, 18 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index 59afed1f98..c12fb2e5ae 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,3 +1,9 @@ +* Allow render locals to be assigned to instance variables in a view. + + Fixes #27480. + + *Andrew White* + * Add `check_parameters` option to `current_page?` which makes it more strict. *Maksym Pugach* diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb index 3d6ff598ee..1e9b813d3d 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper.rb @@ -45,17 +45,15 @@ module ActionView # Providing a custom Rails::Html scrubber: # # class CommentScrubber < Rails::Html::PermitScrubber - # def allowed_node?(node) - # !%w(form script comment blockquote).include?(node.name) + # def initialize + # super + # self.tags = %w( form script comment blockquote ) + # self.attributes = %w( style ) # end # # def skip_node?(node) # node.text? # end - # - # def scrub_attribute?(name) - # name == 'style' - # end # end # # <%= sanitize @comment.body, scrubber: CommentScrubber.new %> diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb index 07dccf5b41..bc922f9ce8 100644 --- a/actionview/lib/action_view/helpers/text_helper.rb +++ b/actionview/lib/action_view/helpers/text_helper.rb @@ -187,7 +187,7 @@ module ActionView unless separator.empty? text.split(separator).each do |value| if value.match(regex) - regex = phrase = value + phrase = value break end end diff --git a/actionview/lib/action_view/rendering.rb b/actionview/lib/action_view/rendering.rb index 0e72316eb7..cf18562c45 100644 --- a/actionview/lib/action_view/rendering.rb +++ b/actionview/lib/action_view/rendering.rb @@ -124,7 +124,11 @@ module ActionView key = action.include?(?/) ? :template : :action options[key] = action else - options[:partial] = action + if action.respond_to?(:permitted?) && action.permitted? + options = action + else + options[:partial] = action + end end options diff --git a/actionview/lib/action_view/template.rb b/actionview/lib/action_view/template.rb index 4b793c3b16..c067031d2d 100644 --- a/actionview/lib/action_view/template.rb +++ b/actionview/lib/action_view/template.rb @@ -326,7 +326,7 @@ module ActionView # Only locals with valid variable names get set directly. Others will # still be available in local_assigns. locals = @locals - Module::RUBY_RESERVED_KEYWORDS - locals = locals.grep(/\A(?![A-Z0-9])(?:[[:alnum:]_]|[^\0-\177])+\z/) + locals = locals.grep(/\A@?(?![A-Z0-9])(?:[[:alnum:]_]|[^\0-\177])+\z/) # Double assign to suppress the dreaded 'assigned but unused variable' warning locals.each_with_object("") { |key, code| code << "#{key} = #{key} = local_assigns[:#{key}];" } diff --git a/actionview/test/abstract_unit.rb b/actionview/test/abstract_unit.rb index fbdaa07fb0..dde66a7ba0 100644 --- a/actionview/test/abstract_unit.rb +++ b/actionview/test/abstract_unit.rb @@ -271,15 +271,15 @@ module ActionDispatch end end -# Skips the current run on Rubinius using Minitest::Assertions#skip -def rubinius_skip(message = "") - skip message if RUBY_ENGINE == "rbx" -end -# Skips the current run on JRuby using Minitest::Assertions#skip -def jruby_skip(message = "") - skip message if defined?(JRUBY_VERSION) -end - class ActiveSupport::TestCase include ActiveSupport::Testing::MethodCallAssertions + + # Skips the current run on Rubinius using Minitest::Assertions#skip + private def rubinius_skip(message = "") + skip message if RUBY_ENGINE == "rbx" + end + # Skips the current run on JRuby using Minitest::Assertions#skip + private def jruby_skip(message = "") + skip message if defined?(JRUBY_VERSION) + end end diff --git a/actionview/test/fixtures/test/render_file_instance_variable.erb b/actionview/test/fixtures/test/render_file_instance_variable.erb new file mode 100644 index 0000000000..5344ac8a66 --- /dev/null +++ b/actionview/test/fixtures/test/render_file_instance_variable.erb @@ -0,0 +1 @@ +<%= @foo %>
\ No newline at end of file diff --git a/actionview/test/template/compiled_templates_test.rb b/actionview/test/template/compiled_templates_test.rb index 40ac867b38..adb2be9be4 100644 --- a/actionview/test/template/compiled_templates_test.rb +++ b/actionview/test/template/compiled_templates_test.rb @@ -38,6 +38,10 @@ class CompiledTemplatesTest < ActiveSupport::TestCase assert_equal "🎂", render(file: "test/render_file_unicode_local", locals: { 🎃: "🎂" }) end + def test_template_with_instance_variable_identifier + assert_equal "bar", render(file: "test/render_file_instance_variable", locals: { "@foo": "bar" }) + end + def test_template_gets_recompiled_when_using_different_keys_in_local_assigns assert_equal "one", render(file: "test/render_file_with_locals_and_default") assert_equal "two", render(file: "test/render_file_with_locals_and_default", locals: { secret: "two" }) diff --git a/actionview/test/template/output_safety_helper_test.rb b/actionview/test/template/output_safety_helper_test.rb index 41ae36e91a..0f3288130b 100644 --- a/actionview/test/template/output_safety_helper_test.rb +++ b/actionview/test/template/output_safety_helper_test.rb @@ -33,6 +33,11 @@ class OutputSafetyHelperTest < ActionView::TestCase assert_equal ""a" <br/> <b> <br/> <c>", joined end + test "safe_join should return the safe string separated by $, when second argument is not passed" do + joined = safe_join(["a", "b"]) + assert_equal "a#{$,}b", joined + end + test "to_sentence should escape non-html_safe values" do actual = to_sentence(%w(< > & ' ")) assert actual.html_safe? |